Top 10 Most Popular FAQs

All organisations, including sole proprietorships, are required to designate at least one person, a Data Protection Officer (DPO), to be responsible for ensuring that the organisation complies with the PDPA.

Organisations are also required to ensure that at least one DPO's business contact information is made available to the public. The business contact information may be a general telephone or email address of the organisation.

The DPO may be a person whose scope of work solely relates to data protection or a person in the organisation who takes on this role as one of his multiple responsibilities. To be clear, compliance by the organisation with the PDPA remains the responsibility of the organisation notwithstanding the appointment of the data protection officer.

It is not required under the law to inform the PDPC of your DPO's details but we strongly encourage all organisations to do so. This will help DPOs keep abreast of relevant personal data protection developments in Singapore.

The PDPA does not prescribe where the Data Protection Officer (DPO) should be based. The DPO need not be an employee of the organisation, and organisations may outsource this function to a third party. However, the DPO whose business contact information is provided has to be reachable whenever a member of the public in Singapore attempts to contact him, to be compliant with the PDPA requirements.

The data protection provisions of the PDPA came into force on 2 July 2014 and requires an organisation to designate one or more individuals to be responsible for ensuring compliance with the PDPA. If your organisation handles personal data, you should appoint at least one individual as the DPO.

DPOs may register at www.pdpc.gov.sg/dpo-contact. Once the online submission is successful, an acknowledgement email will be sent to the email address provided. If you did not receive the acknowledgement email, please check your spam folder. For further assistance, please contact us here.

Unsolicited SMSes or calls from unknown sources that are related to loans, financial assistance or online gambling are likely to be associated with unlicensed moneylending and illegal gambling activities. The PDPC investigates all complaints regarding unsolicited telemarketing SMSes or calls seriously. However, unlicensed moneylending and illegal gambling are serious criminal offences in Singapore where the Police are the relevant authority to investigate such offences. If you receive such SMSes or calls, please notify the Police directly by:

An organisation is responsible for all personal data in its possession or under its control. This may relate to not just employees' data but personal data of other persons such as clients or shareholders. The PDPA requires an organisation to designate one or more individuals to be responsible for ensuring compliance with the PDPA.

The PDPA does not stipulate a minimum age for DPOs. However, the appointed person should, for example, have the appropriate expertise and knowledge to be able to ensure that the organisation complies with the PDPA and develop a process to receive and respond to complaints with respect to the application of the PDPA.

There is no deadline to register your DPO. However, we strongly encourage your organisation to register your DPO as early as possible so that he/she can be kept abreast of relevant personal data protection developments in Singapore.